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Disposition of Claims 

4) (El Claim(s) 1-11 is/are pending in the application. 
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5) Q Claim(s) is/are allowed. 
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DETAILED ACTION 

1 . Claims 1 - 1 1 are pending. 

Response to Arguments 

2. Applicant's arguments, see pages 7 - 8, filed 06/19/2007, with respect to the 
rejection(s) of claim(s) 1 under 35 U.S.C. 102 (b) have been fully considered and are 
persuasive. Therefore, the rejection has been withdrawn. However, upon further 
consideration, a new ground(s) of rejection is made in view of Wang et al. U.S. PG- 
Publication No. (2002/0023215). 



Claim Rejections - 35 USC § 103 

3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

4. Claims 1 - 8 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Ozzie et al. U.S. Patent No. (5,664,099), in view of Wang et al. U.S. PG-Publication No. 
(2002/0023215). 

5. As per claim 1, Ozzie teaches assigning an identification code to said user and 
storing the assigned identification code at the authorization centre (Ozzie, Col. 5 Lines 
25 - 27, assigning ID codes for a user), assigning a symbol set selection algorithm to 
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said user and storing the assigned symbol set selection algorithm at the authorization 
centre in association with the identification code of the user (Ozzie, Col. 5 Lines 29 - 32, 
Code selected for unique graphical pattern) wherein the symbol set selection algorithm 
being a list of instructions how a predetermined number of graphic symbols can be 
generated from a table of graphic symbols (Ozzie, Col. 4 Lines 56 - 67, pool of icons), 
wherein each graphic symbol is characterized by a predetermined number of dominant 
features and each dominant feature can take a number of values (Ozzie, Col. 4 Lines 
26 - 37), a table of a predetermined number of randomly chosen different graphic 
symbols so that the user can apply the assigned symbol set algorithm for generating a 
predetermined number of generated symbols (Ozzie, Co. 4 Lines 49 - 67), but fails to 
teach displaying for said user on said remote terminal and forwarding said generated 
symbols to said authorization centre, forwarding said user identification code from the 
remote terminal to the authorization centre, at the authorisation centre using the 
received identification code and reproducing said generated symbols by using the 
symbol selection algorithm associated with the identified user and comparing the locally 
reproduced response symbols with the ones received from the remote terminal, and 
providing access to said user only if the received and generated symbols being 
identical. However, in an analogous art Wang teaches displaying for said user on said 
remote terminal and forwarding said generated symbols to said authorization centre, 
forwarding said user identification code from the remote terminal to the authorization 
centre, at the authorisation centre using the received identification code and ■ 
reproducing said generated symbols by using the symbol selection algorithm associated 
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with the identified user and comparing the locally reproduced response symbols with the 
ones received from the remote terminal, and providing access to said user only if the 
received and generated symbols being identical. However, in an analogous art Wang 
teaches (Wang, Paragraph 0016, password input remotely and password then 
validated). 

At the time the invention was made, it would have been obvious to a person of 
ordinary skill in the art to use Wang's Electronic transactions system with Ozzie's 
method for establishing a protected channel between a user and computer system 
because it offers the advantage of eliminating security risks user encounter with 
electronic transactions (Wang, Paragraph 0002). 

6. As per claim 2, Ozzie teaches user identification code being also a 
predetermined number of said graphic symbols selectable from said displayed set of 
graphic symbols (Ozzie, Col. 5 Lines 24 - 32). 

7. As per claim 3, Ozzie teaches displaying step showing to said user on said 
remote terminal respective lists associated with each of said features, each list 
comprising in a consecutive order all variations of the feature concerned, and allowing 
for said user to select from said lists in association with every generated symbol (Ozzie, 
Co. 4 Lines 49 - 67). 

8. As per claim 4, Ozzie teaches features being the shape, the colour and a number 
written on each of said symbols (Ozzie, Figures 2A, 2B and 2C). 

9. As per claim 5, Ozzie teaches symbol set generating algorithm comprises 
selection criteria of features (Ozzie, Co. 4 Lines 49 - 67). 
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10. As per claim 6, Ozzie teaches symbol set generating algorithm comprises 
selection and modification criteria of said features (Ozzie, Co. 4 Lines 49 - 67). 

1 1 . As per claim 7, Ozzie teaches the step of carrying out a transformation on said 
generated symbols to obtain a longer sequence of characters, defined as cryptographic 
key, before being forwarded from said remote terminal to said authorisation centre, and 
in said authorisation centre using the same transformation, and in said comparing step 
comparing said transformed versions of the generated and reproduced symbols (Ozzie, 
Col. 4 Lines 43 -48). 

12. As per claim 8, Ozzie teaches communication between said remote terminal and 
said authorisation centre the transmittal of the identification code and the identification 
of the user at the authorisation centre preceding said displaying step, and in said 
displaying step constructing said table of graphic symbols in the knowledge of said 
symbol set generating algorithm associated with the particular user so that said 
algorithm becomes always applicable (Ozzie, Col. 5 Lines 24 - 32). 

13. Claims 9-11 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Ozzie et al. U.S. Patent No. (5,664,099) and Wang et al. U.S. PG-Publication No. 
(2002/0023215) and in view of Patzeretal. U.S. Patent No. (6,732,270). 

14. As per claim 9, Ozzie teaches carrying out a transformation on said generated 
symbols to obtain a longer sequence of characters, defined as cryptographic key 
(Ozzie, Col. 4 Lines 43 - 48), but fails to teach before being forwarded from said remote 
terminal to said authorisation centre, using said cryptographic key for encrypting a 



Application/Control Number: 10/658,345 Page 6 

Art Unit: 2134 

message from said user to the authorisation centre, and in said authorisation centre 
using the same transformation to obtain said cryptographic key, and using said key to 
decrypt the forwarded information, and in said comparing step decrypting the received 
information, and the comparison is regarded positive when the decrypted information 
fulfils certain conditions known to the remote terminal and to the authorisation centre. 
However, in an analogous art Patzer teaches before being forwarded from said remote 
terminal to said authorisation centre, using said cryptographic key for encrypting a 
message from said user to the authorisation centre, and in said authorisation centre 
using the same transformation to obtain said cryptographic key, and using said key to 
decrypt the forwarded information, and in said comparing step decrypting the received 
information, and the comparison is regarded positive when the decrypted information 
fulfils certain conditions known to the remote terminal and to the authorisation centre 
(Patzer, Col. 4 Lines 46 - 55 and Claim 1). 

At the time the invention was made, it would have been obvious to a person of 
ordinary skill in the art to use Patzer's method to authenticate a network access server 
to an authentication server with Ozzie's method for establishing a protected channel 
between a user and computer system because it offers the advantage of preventing 
unauthorized access to a system. 

15. As per claim 10, Ozzie a modified teaches step of carrying out a transformation 
on said generated symbols to obtain a longer sequence of characters, defined as 
cryptographic key and carrying out a still another transformation on said generated 
symbols to obtain a unique cryptographic algorithm (Ozzie, Col. 4 Lines 43 - 48), before 
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being forwarded from said remote terminal to said authorisation centre, using said 
cryptographic key and said unique cryptographic algorithm for encrypting a message 
from said user to the authorisation centre, and in said authorisation centre using the 
same transformation to obtain said cryptographic key and said cryptographic algorithm, 
and using said key and said algorithm to decrypt the forwarded information, and in said 
comparing step decrypting the received information, and the comparison is regarded 
positive when the decrypted information fulfils certain conditions known to the remote 
terminal and to the authorisation centre (Patzer, Col. 4 Lines 46 - 55 and Claim 1). 
16. As per claim 1 1 , Ozzie as modified teaches the step of creating a digital 
fingerprint (message authentication code, MAC) from the message of the user with the 
help of a one way hash function, encrypting the digital fingerprint using the said 
cryptographic key and unique cryptographic algorithm, forwarding from said remote 
terminal to said authorisation centre the message and the encrypted digital fingerprint, 
in said authorisation centre creating a digital fingerprint (message authentication code, 
MAC) from the message received from the user and using the same transformation to 
obtain said cryptographic key and said cryptographic algorithm, and using said key and 
said algorithm to decrypt the digital fingerprint forwarded with the message and in said 
comparing step decrypting the received digital fingerprint and the comparison is 
regarded positive when the decrypted digital fingerprint and the digital fingerprint 
created in the authorisation centre are identical (Patzer, Col. 4 Lines 46 - 55 and Claim 
1). 
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Conclusion 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Roderick Tolentino whose telephone, number is (571) 
272-2661. The examiner can normally be reached on Monday - Friday 9am to 5pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kambiz Zand can be reached on (571) 272-381 1 . The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



Roderick Tolentino 

Examiner 

Art Unit 21 34 
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